[PATCH net v3 09/11] rxrpc: Fix keyring reference count leak in rxrpc_setsockopt()
Anderson Nascimento
anderson at allelesecurity.com
Sat Mar 28 07:53:11 PDT 2026
On Fri, Mar 27, 2026 at 4:24 AM David Howells <dhowells at redhat.com> wrote:
>
> Anderson Nascimento <anderson at allelesecurity.com> wrote:
>
> > To make the logic more coherent, what if we check if (rx->key ||
> > rx->securities) in both options and remove the rx->securities check from
> > rxrpc_request_key()?
>
> You're allowed to have both a keyring (server) and a key (client). You can
> issue client calls on a server socket. The in-kernel kafs filesystem does
> this, for example - though it normally sets the outgoing key on individual
> calls.
>
Understood, thanks.
> To parallel the kernel example, it might be worth my while adding a CMSG tag
> to take a key ID or key description so the rxrpc_sendmsg() can do a
> request_key() when setting up a call (the AF_RXRPC socket allows a different
> key with each call dispatched), though the AFS command line tools tend only to
> talk to a single cell at a time (you only need one key for comms with an
> entire cell).
>
> Davod
>
--
Anderson Nascimento
Allele Security Intelligence
https://www.allelesecurity.com
More information about the linux-afs
mailing list